BitofWP

Posted on • Originally published at bitofwp.com on

0-day Vulnerability for Social Warfare WordPress plugin

Today, March 21st 2019, the Social Warfare plugin was removed from the WordPress.org repository due to a 0-day vulnerability in version 3.5.2 that allowed attackers to inject malicious JavaScript code into the plugin's social share links published on any site using it.

**1st Update**

Our development team has submitted Social Warfare V3.5.3 to the WordPress update-repository, which addresses this vulnerability and undoes any changes it makes. Please log-in to your WordPress dashboard and apply this update as soon as possible.

— Warfare Plugins (@warfareplugins) March 21, 2019

The Social Warfare plugin was patched only hours ago, so if you have any site using it you should either upgrade to version 3.5.3 or deactivate and remove it from your WordPress installation. The patched version is still pending approval to be published again in the WordPress.org repository, so if you're looking for a way to download the updated version, follow the Social Warfare Free and Social Warfare Pro direct plugin download URLs.
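To find which sites still need the 3.5.3 update, the check below (an added example, not from the original post or the plugin's authors) reads the installed version from the plugin header under each WordPress root you pass it. The `social-warfare` directory and `social-warfare.php` file name are assumptions, and flagging every version below 3.5.3 is broader than the post's statement about 3.5.2.

```bash
#!/usr/bin/env bash
# Added example: report Social Warfare installs older than the fixed release.
# Assumptions (not stated in the post): plugin directory "social-warfare"
# and main file "social-warfare.php". FIXED is the version named in the post.
FIXED="3.5.3"

# Print the value of the "Version:" header from a plugin main file.
plugin_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when version $1 sorts strictly below version $2 (needs sort -V).
version_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify one WordPress root; prints "<root> <status> <version>".
check_site() {
  local root="$1"
  local main="$root/wp-content/plugins/social-warfare/social-warfare.php"
  local ver
  if [ ! -f "$main" ]; then
    echo "$root not-installed -"
    return 0
  fi
  ver="$(plugin_version "$main")"
  if [ -z "$ver" ]; then
    echo "$root unknown -"          # header missing or unreadable: check by hand
  elif version_lt "$ver" "$FIXED"; then
    echo "$root needs-update $ver"  # upgrade to 3.5.3 or remove the plugin
  else
    echo "$root ok $ver"
  fi
}

# Usage: ./check.sh /var/www/site1 /var/www/site2
for root in "$@"; do
  check_site "$root"
done
```

A `needs-update` result only tells you the patch is missing; it does not tell you whether the site was already tampered with.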

The Social Warfare plugin is one of the most popular WordPress social media sharing plugins, with an active install base of over 70,000 sites and more than 805,000 downloads.

**2nd Update**

It seems that the Social Warfare plugin has been restored to the WordPress.org repository, so all current installations will receive an update notification within their WordPress Dashboard.

If your website is already infected through the Social Warfare 0-day vulnerability, take a look at our WordPress malware removal service, where we'll clean your site in less than 24 hours.

